From a6b3b9dd05cd1abd53d94836f1ec8913dd839ba3 Mon Sep 17 00:00:00 2001 From: Swissky <12152583+swisskyrepo@users.noreply.github.com> Date: Wed, 13 Nov 2024 14:24:09 +0100 Subject: [PATCH] CONTRIBUTING page updates - adding rules --- CONTRIBUTING.md | 22 +++++++++++++++------- Zip Slip/README.md | 2 +- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 5feda81..8b7c363 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -17,7 +17,10 @@ In order to provide the safest payloads for the community, the following rules m - Use `Administrator` for privileged users and `User` for normal account - Use `P@ssw0rd`, `Password123`, `password` as default passwords for your examples - Prefer commonly used name for machines such as `DC01`, `EXCHANGE01`, `WORKSTATION01`, etc -- References must have an `author`, a `title` and a `link`. The `date` is not mandatory but appreciated :) +- References must have an `author`, a `title`, a `link` and a `date` + - Use [Wayback Machine](wayback.archive.org) if the reference is not available anymore. + - The date must be following the format `Month Number, Year`, e.g: `December 25, 2024` + - References to Github repositories must follow this format: `[author/tool](https://github.com/URL) - Description` Every pull request will be checked with `markdownlint` to ensure consistent writing and Markdown best practices. You can validate your files locally using the following Docker command: @@ -29,11 +32,16 @@ docker run -v $PWD:/workdir davidanson/markdownlint-cli2:v0.15.0 "**/*.md" --con Every section should contains the following files, you can use the `_template_vuln` folder to create a new technique folder: -- README.md - vulnerability description and how to exploit it, including several payloads, more below -- Intruder - a set of files to give to Burp Intruder -- Images - pictures for the README.md -- Files - some files referenced in the README.md +- **README.md**: vulnerability description and how to exploit it, including several payloads, more below +- **Intruder**: a set of files to give to Burp Intruder +- **Images**: pictures for the README.md +- **Files**: some files referenced in the README.md -## README.md format +## README.md Format -Use the example folder [_template_vuln/](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/_template_vuln/). The main page is [README.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/_template_vuln/README.md). +Use the example folder [_template_vuln/](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/_template_vuln/) to create a new vulnerability document. The main page is [README.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/_template_vuln/README.md). It is organized with sections for a title and description of the vulnerability, along with a summary table of contents linking to the main sections of the document. + +- **Tools**: Lists relevant tools with links to their repositories and brief descriptions. +- **Methodology**: Provides a quick overview of the approach used, with code snippets to demonstrate exploitation steps. +- **Labs**: References online platforms where similar vulnerabilities can be practiced, each with a link to the corresponding lab. +- **References**: Lists external resources, such as blog posts or articles, providing additional context or case studies related to the vulnerability. diff --git a/Zip Slip/README.md b/Zip Slip/README.md index c46f9e7..0a88813 100644 --- a/Zip Slip/README.md +++ b/Zip Slip/README.md @@ -48,5 +48,5 @@ For affected libraries and projects, visit [snyk/zip-slip-vulnerability](https:/ ## References -- [Zip Slip - Snyk - Jun 5, 2018](https://github.com/snyk/zip-slip-vulnerability) +- [Zip Slip - Snyk - June 5, 2018](https://github.com/snyk/zip-slip-vulnerability) - [Zip Slip Vulnerability - Snyk - April 15, 2018](https://snyk.io/research/zip-slip-vulnerability) \ No newline at end of file